9.6

Azure Custom Locations RP Allows Privilege Elevation Over Network

CVE-2026-26135
Summary

An attacker with permission to manage Azure Custom Locations can use this issue to gain control over network resources. This could allow them to access sensitive data or disrupt services. Users should update to the latest version of the Azure Custom Locations Resource Provider to fix this issue.

Original title
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
Original description
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
NVD CVSS 3.1: 9.6
Vulnerability type
CWE-918 Server-Side Request Forgery (SSRF)
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026